An Assessment of End-user Vulnerability to Phishing Attacks
ABSTRACT
Phishing has grown to become a significant threat to unsuspecting Internet users. This paper investigates user susceptibility to such attacks by assessing the degree to which they can differentiate between phishing messages and those that are genuine. A web-based survey was used to present a mix of 20 legitimate and illegitimate emails, and participants were asked to classify them and explain the rationale for their decisions. A total of 179 participants were involved in the study, and results reveal that they were 36% successful in identifying legitimate emails and 45% successful in spotting illegitimate ones. Additionally, in many cases, the participants who identified illegitimate emails correctly could not provide convincing reasons for their selections.
AUTHORS
Computer Engineering and Communications, John Moores University, Liverpool, UK
Athanasios Karakasiliotis was born in Athens, Greece, and studied Computer Engineering and Communications at John Moores University in Liverpool, UK. After his graduation in July 2005, he attended the MRes Information System Security course at the University of Plymouth, UK (2005-2006), where he was a researcher within the Network Research Group. His current interests include security awareness of Internet users in social engineering and phishing attacks.
School of Computer Science, University of Nottingham, Nottingham, United Kingdom
Steven Furnell is a professor of cyber security at the University of Nottingham. He is also an Honorary Professor with Nelson Mandela University in South Africa and an Adjunct Professor with Edith Cowan University in Western Australia. His research interests include: usability of security and privacy, security management and culture, and technologies for user authentication and intrusion detection. He has authored over 340 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society and Computer Insecurity: Risking the System. Prof. Furnell is the Chair of Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and a board member of the Chartered Institute of Information Security.
Network Research Group of Engineering, University of Plymouth, UK
Maria Papadaki was born in Iraklio of Crete, Greece, and studied Informatics at the Technological Educational Institute (T.E.I.) of Athens. After her graduation in November 1997, she worked for two years for the Library and the Network Operating Centre of the Athens School of Fine Arts. Funded by the State Scholarships Foundation (SSF) of Engineering at University of Plymouth, UK, and is currently a PhD student within the Network Research Group of the University. Current interests include intrusion detection and methods of automated system response.
Published In
Journal of Information Warfare